PowerTech's Annual State of IBM i Security Study Reveals Alarming System Vulnerabilities That Could Lead to Data Theft

MINNEAPOLIS, MN--(Marketwired - May 15, 2014) - PowerTech, a division of HelpSystems and leader in security solutions for IBM i servers, today announced the release of the 2014 State of IBM i Security Study.

Now in its eleventh year, the study includes data from 233 servers and partitions audited with PowerTech's Compliance Assessment in 2013. The participating organizations spanned a broad range of industries, including finance, healthcare, communication, education, and transportation.

The results reveal lax password management procedures that leave IBM i systems vulnerable to hackers and internal security threats. Some of the most startling findings include:

53 percent of systems had more than 30 users with default passwords

One system had 1,823 user profiles with default passwords out of only 1,935 total users

29 percent of systems never require users to change their passwords

39 percent of systems failed to require a digit in passwords

One server experienced more than two million sign-on attempts against a single profile

"Weak password settings leave servers vulnerable to security breaches," says Robin Tatam, PowerTech Director of Security Technologies and author of the study. "Many organizations focus on external threats, but current and former employees are often responsible for data loss or theft, whether intentionally or not."

The findings also showed flaws in network access security. Of the systems included in the study, 94 percent neglected to prevent users from accessing critical data through services such as FTP, ODBC, JDBC, and DDM.

Tatam stresses that the study also reveals how network security weaknesses can be corrected with proper configuration settings, administration, and an IBM i security policy.

"This study demonstrates that an IBM i server is only as secure as the policies and configurations used to manage it," says Tatam. "Different organizations have different security and compliance needs. The factory settings simply don't offer sufficient protection."

HelpSystems, LLC is a leading provider of systems and network management, business intelligence, and security and compliance solutions. HelpSystems software reduces data center costs by improving operational control and delivery of IT services. Founded in 1982, the company has 15 offices worldwide and more than 9,000 customers from small businesses to Fortune 100 companies. Based in Minneapolis, Minnesota, HelpSystems sells its solutions directly and through strategic partners worldwide.